HOW TO: Running Lansweeper Service as non-admin under Windows Server 2008

Posted: May 22, 2009 in Computers and Internet
Vista and Windows Server 2008 increase the security on the creation of HTTP listeners (HttpListener). If you try to run the Lansweeper service under a non-administrator account as you can with Windows Server 2003, you will encounter the error below:
 
5/21/2009 4:00:53 PM: Access is denied
   at System.Net.HttpListener.AddAll()
   at System.Net.HttpListener.Start()
   at LansweeperService.Listen.DoListen()
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
   at System.Threading.ThreadHelper.ThreadStart()
 
To workaround this issue under Vista or Windows Server 2008, you can authorize (reserve) your service account to create the HTTP listener the Lansweeper service needs.
 
At an admin command prompt enter the following command:
 
netsh http add urlacl url=http://*:<port#>/ user=domain\service-account
 
ex.:  netsh http add urlacl url=http://*:9524/ user=contoso\svc-lansweeper
 
After applying the netsh command and given your Lansweeper service account modify rights to the installation folder (for write permissions to the log file) and "Log On As A Service" right in the Local Security Policy, you will then be able to start the Lansweeper service under an non-admin domain account.
 
To display the reserved HTTP listener URL enter the following command:
netsh http show urlacl
 
You should see similar output as below:
Reserved URL            : http://*:9524/
    User: CONTOSO\svc-lansweeper
        Listen: Yes
        Delegate: No
        SDDL: D:(A;;GX;;;S-1-5-21-1308237860-4193317556-336787646-243859)
 
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s